Employee absenteeism is rising among IT managers and employees, as are burnout rates in this professional category. The reason is often the continuous threat of cyber-attacks combined with too little recognition from management. So how can we bring cybersecurity to management's attention and take the proper measures?
The silent crisis
A third of IT specialists are considering resignation in the next two years following stress or burnout due to increased cyber threats. Because many SMEs don't have in-house specialised security professionals, cybersecurity is often the responsibility of IT managers and staff. In fact, according to figures from Mimecast's State of Ransomware Readiness survey, more than half of them say that their jobs become more stressful every year and that ransomware attacks have a negative impact on their mental health.
According to the same survey, almost half of those surveyed also experience increasing pressure to prepare for a ransomware attack due to all the media coverage of these incidents. After all, the toll is high: reputational damage, possible ransom payments, recovery of systems, additional staff, extra security measures, and on top of that, IT staff also worry about cyber insurance coverage.
The damage from an attack sometimes runs into millions of euros, and all these risks rest partly on the shoulders of the IT department. Given the vast labour shortage and cyber-attacks that are becoming more sophisticated, these are developments that companies can no longer ignore.
IT managers may leave
According to a study by Proximus, one in three companies (32%) in the Benelux faced a cybersecurity incident in 2022 (phishing, ransomware, malware). And cybersecurity specialists expect that the risk of cyber-attacks can and will only increase in the next two years. Yet executives still need to take the subject seriously. Indeed, 1 in 5 companies hit by ransomware attacks face changes at the board level.
"We often see that after an attack, whether justifiably or not, the IT manager is found not capable enough and therefore has to step aside, or this person himself concludes that there is too little support within the board for professionalising cybersecurity and leaves himself," says Anne Mason, CEO at Eye Security Belgium. The pressure on IT departments is enormous, while most of the work they perform remains - by its very nature - relatively invisible in the organisation. "Until things go wrong one day, and all fingers suddenly point in that direction."
Too few resources
Moreover, IT departments often need more resources due to insufficient budget allocations. "Board members still think of cyber security as a cost, not an investment," says Anne Mason, CEO at Eye Security Belgium. "While these people need to defend the organisation against cyber criminals - who often have unlimited resources. That is mopping with the water running." However, adequate cyber security can yield handsome savings. For example, Eye Security's CyberGuard solution offers a return of as much as 300 per cent.
Creating a healthy working environment
Essential in dealing with the pressures posed by cyber threats is for boards to have an eye on IT staff. "Demand in the market is huge: everyone is looking for specialists," says Anne Mason, CEO at Eye Security Belgium. "But more important than finding new talent is knowing how to retain the existing IT team with attention to their (mental) health. The board members must take the pressure and responsibility felt by IT managers and employees seriously. Only in this way can an organisation retain valuable employees, attract new talent and assure itself of solid security."
One possible solution is to take a professional, external cybersecurity partner under its wing, lifting this burden off the IT team. When the IT department knows that the security of their systems is in the hands of cybersecurity experts and that they can rely on a reliable co-pilot, it gives a lot of peace of mind and support.
• Many SMEs lack access to specialised security professionals, leaving them very vulnerable regarding cybersecurity.
• Executives often need to pay more attention to the importance of an adequate cybersecurity approach, which can lead to insufficient protection against cyber-attacks.
• Too limited resources (budgets, human capital) hinder effective corporate cybersecurity.
• Consider a reliable external partner such as Eye Security to outsource cyber security, thus easing the workload on the IT department.
Want to know more about the solutions Eye Security offers to protect businesses from cyberattacks? Get in touch via Eye Security's website or perform an online risk scan without any further obligation. With their expertise and experience in cybersecurity, they help improve companies' security strategies and support IT departments in the fight against cybercrime.
Sustainability. Growth. Digitalisation. These are the words everyone’s using about the logistics landscape of 2023. But what do they mean for individual businesses – and for security?
Multi-Factor Authentication (MFA) is not sufficient. Various attacks, such as EvilProxy, can bypass MFA. Here, we discuss how you can defend yourself.
Software and operating systems are constantly evolving. Those that are no longer maintained - such as Window Server - may be hiding unmitigated security vulnerabilities within your business. Proactively assessing your infrastructure strengthens your security posture and your resilience against cyber threats.
Vishing attacks (voice phishing attacks) are getting more sophisticated. In this article, we cover the details of a real vishing attack that we prevented. Includes digital forensics, incident response, mitigation and prevention measures and IoC lists.